Oval Definition:oval:org.opensuse.security:def:57652
Revision Date:2020-12-01Version:1
Title:Security update for xen (Important)
Description:

xen was updated to fix 47 security issues.

These security issues were fixed: - CVE-2013-4527: Buffer overflow in hw/timer/hpet.c might have allowed remote attackers to execute arbitrary code via vectors related to the number of timers (bnc#864673). - CVE-2013-4529: Buffer overflow in hw/pci/pcie_aer.c allowed remote attackers to cause a denial of service and possibly execute arbitrary code via a large log_num value in a savevm image (bnc#864678). - CVE-2013-4530: Buffer overflow in hw/ssi/pl022.c allowed remote attackers to cause a denial of service or possibly execute arbitrary code via crafted tx_fifo_head and rx_fifo_head values in a savevm image (bnc#864682). - CVE-2013-4533: Buffer overflow in the pxa2xx_ssp_load function in hw/arm/pxa2xx.c allowed remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted s->rx_level value in a savevm image (bsc#864655). - CVE-2013-4534: Buffer overflow in hw/intc/openpic.c allowed remote attackers to cause a denial of service or possibly execute arbitrary code via vectors related to IRQDest elements (bsc#864811). - CVE-2013-4537: The ssi_sd_transfer function in hw/sd/ssi-sd.c allowed remote attackers to execute arbitrary code via a crafted arglen value in a savevm image (bsc#864391). - CVE-2013-4538: Multiple buffer overflows in the ssd0323_load function in hw/display/ssd0323.c allowed remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via crafted (1) cmd_len, (2) row, or (3) col values; (4) row_start and row_end values; or (5) col_star and col_end values in a savevm image (bsc#864769). - CVE-2013-4539: Multiple buffer overflows in the tsc210x_load function in hw/input/tsc210x.c might have allowed remote attackers to execute arbitrary code via a crafted (1) precision, (2) nextprecision, (3) function, or (4) nextfunction value in a savevm image (bsc#864805). - CVE-2014-0222: Integer overflow in the qcow_open function in block/qcow.c allowed remote attackers to cause a denial of service (crash) via a large L2 table in a QCOW version 1 image (bsc#877642). - CVE-2014-3640: The sosendto function in slirp/udp.c allowed local users to cause a denial of service (NULL pointer dereference) by sending a udp packet with a value of 0 in the source port and address, which triggers access of an uninitialized socket (bsc#897654). - CVE-2014-3689: The vmware-vga driver (hw/display/vmware_vga.c) allowed local guest users to write to qemu memory locations and gain privileges via unspecified parameters related to rectangle handling (bsc#901508). - CVE-2014-7815: The set_pixel_format function in ui/vnc.c allowed remote attackers to cause a denial of service (crash) via a small bytes_per_pixel value (bsc#902737). - CVE-2014-9718: The (1) BMDMA and (2) AHCI HBA interfaces in the IDE functionality had multiple interpretations of a function's return value, which allowed guest OS users to cause a host OS denial of service (memory consumption or infinite loop, and system crash) via a PRDT with zero complete sectors, related to the bmdma_prepare_buf and ahci_dma_prepare_buf functions (bsc#928393). - CVE-2015-1779: The VNC websocket frame decoder allowed remote attackers to cause a denial of service (memory and CPU consumption) via a large (1) websocket payload or (2) HTTP headers section (bsc#924018). - CVE-2015-5278: Infinite loop in ne2000_receive() function (bsc#945989). - CVE-2015-6855: hw/ide/core.c did not properly restrict the commands accepted by an ATAPI device, which allowed guest users to cause a denial of service or possibly have unspecified other impact via certain IDE commands, as demonstrated by a WIN_READ_NATIVE_MAX command to an empty drive, which triggers a divide-by-zero error and instance crash (bsc#945404). - CVE-2015-7512: Buffer overflow in the pcnet_receive function in hw/net/pcnet.c, when a guest NIC has a larger MTU, allowed remote attackers to cause a denial of service (guest OS crash) or execute arbitrary code via a large packet (bsc#957162). - CVE-2015-7549: pci: NULL pointer dereference issue (bsc#958917). - CVE-2015-8345: eepro100: infinite loop in processing command block list (bsc#956829). - CVE-2015-8504: VNC: floating point exception (bsc#958491). - CVE-2015-8550: Paravirtualized drivers were incautious about shared memory contents (XSA-155) (bsc#957988). - CVE-2015-8554: qemu-dm buffer overrun in MSI-X handling (XSA-164) (bsc#958007). - CVE-2015-8555: Information leak in legacy x86 FPU/XMM initialization (XSA-165) (bsc#958009). - CVE-2015-8558: Infinite loop in ehci_advance_state resulted in DoS (bsc#959005). - CVE-2015-8567: vmxnet3: host memory leakage (bsc#959387). - CVE-2015-8568: vmxnet3: host memory leakage (bsc#959387). - CVE-2015-8613: SCSI: stack based buffer overflow in megasas_ctrl_get_info (bsc#961358). - CVE-2015-8619: Stack based OOB write in hmp_sendkey routine (bsc#960334). - CVE-2015-8743: ne2000: OOB memory access in ioport r/w functions (bsc#960725). - CVE-2015-8744: vmxnet3: Incorrect l2 header validation lead to a crash via assert(2) call (bsc#960835). - CVE-2015-8745: Reading IMR registers lead to a crash via assert(2) call (bsc#960707). - CVE-2015-8817: OOB access in address_space_rw lead to segmentation fault (I) (bsc#969121). - CVE-2015-8818: OOB access in address_space_rw lead to segmentation fault (II) (bsc#969122). - CVE-2016-1568: AHCI use-after-free vulnerability in aio port commands (bsc#961332). - CVE-2016-1570: The PV superpage functionality in arch/x86/mm.c allowed local PV guests to obtain sensitive information, cause a denial of service, gain privileges, or have unspecified other impact via a crafted page identifier (MFN) to the (1) MMUEXT_MARK_SUPER or (2) MMUEXT_UNMARK_SUPER sub-op in the HYPERVISOR_mmuext_op hypercall or (3) unknown vectors related to page table updates (bsc#960861). - CVE-2016-1571: VMX: intercept issue with INVLPG on non-canonical address (XSA-168) (bsc#960862). - CVE-2016-1714: nvram: OOB r/w access in processing firmware configurations (bsc#961691). - CVE-2016-1922: NULL pointer dereference in vapic_write() (bsc#962320). - CVE-2016-1981: e1000 infinite loop in start_xmit and e1000_receive_iov routines (bsc#963782). - CVE-2016-2198: EHCI NULL pointer dereference in ehci_caps_write (bsc#964413). - CVE-2016-2270: Xen allowed local guest administrators to cause a denial of service (host reboot) via vectors related to multiple mappings of MMIO pages with different cachability settings (bsc#965315). - CVE-2016-2271: VMX when using an Intel or Cyrix CPU, allowed local HVM guest users to cause a denial of service (guest crash) via vectors related to a non-canonical RIP (bsc#965317). - CVE-2016-2391: usb: multiple eof_timers in ohci module lead to NULL pointer dereference (bsc#967013). - CVE-2016-2392: NULL pointer dereference in remote NDIS control message handling (bsc#967012). - CVE-2016-2538: Integer overflow in remote NDIS control message handling (bsc#967969). - CVE-2016-2841: ne2000: Infinite loop in ne2000_receive (bsc#969350). - XSA-166: ioreq handling possibly susceptible to multiple read issue (bsc#958523).

These non-security issues were fixed: - bsc#954872: script block-dmmd not working as expected - bsc#963923: domain weights not honored when sched-credit tslice is reduced - bsc#959695: Missing docs for xen - bsc#967630: Discrepancy in reported memory size with correction XSA-153 for xend - bsc#959928: When DomU is in state running xm domstate returned nothing
Family:unixClass:patch
Status:Reference(s):1001374
1008047
1008050
1014172
1025506
1027024
1027025
1027026
1027038
1030050
1031450
1031451
1048289
1048544
1049877
1056284
1083304
1083305
1096723
1102682
1105323
1106191
1138034
1171252
1171254
1172524
864391
864655
864673
864678
864682
864769
864805
864811
877642
897654
901508
902737
924018
928393
945404
945989
954872
956829
957162
957988
958007
958009
958491
958523
958917
959005
959387
959695
959928
960334
960707
960725
960835
960861
960862
961332
961358
961691
962320
963782
963923
964413
965315
965317
967012
967013
967630
967969
969121
969122
969350
CVE-2008-1420
CVE-2008-4316
CVE-2009-0696
CVE-2009-3379
CVE-2009-4022
CVE-2010-3613
CVE-2010-3614
CVE-2010-3615
CVE-2011-0414
CVE-2011-0465
CVE-2011-1907
CVE-2011-1910
CVE-2011-2464
CVE-2011-4313
CVE-2012-0444
CVE-2012-1667
CVE-2012-2673
CVE-2012-3524
CVE-2012-3817
CVE-2012-3868
CVE-2012-4244
CVE-2012-5166
CVE-2012-5688
CVE-2012-5689
CVE-2013-2266
CVE-2013-4527
CVE-2013-4529
CVE-2013-4530
CVE-2013-4533
CVE-2013-4534
CVE-2013-4537
CVE-2013-4538
CVE-2013-4539
CVE-2013-4854
CVE-2014-0222
CVE-2014-0591
CVE-2014-3640
CVE-2014-3689
CVE-2014-7815
CVE-2014-8500
CVE-2014-8962
CVE-2014-9028
CVE-2014-9718
CVE-2015-1349
CVE-2015-1779
CVE-2015-4620
CVE-2015-5278
CVE-2015-5477
CVE-2015-5722
CVE-2015-6855
CVE-2015-7512
CVE-2015-7549
CVE-2015-8000
CVE-2015-8345
CVE-2015-8504
CVE-2015-8550
CVE-2015-8554
CVE-2015-8555
CVE-2015-8558
CVE-2015-8567
CVE-2015-8568
CVE-2015-8613
CVE-2015-8619
CVE-2015-8704
CVE-2015-8743
CVE-2015-8744
CVE-2015-8745
CVE-2015-8817
CVE-2015-8818
CVE-2016-1285
CVE-2016-1286
CVE-2016-1568
CVE-2016-1570
CVE-2016-1571
CVE-2016-1714
CVE-2016-1922
CVE-2016-1981
CVE-2016-2183
CVE-2016-2198
CVE-2016-2270
CVE-2016-2271
CVE-2016-2391
CVE-2016-2392
CVE-2016-2538
CVE-2016-2776
CVE-2016-2841
CVE-2016-7401
CVE-2016-9013
CVE-2016-9014
CVE-2016-9042
CVE-2017-12794
CVE-2017-2862
CVE-2017-2870
CVE-2017-6312
CVE-2017-6313
CVE-2017-6314
CVE-2017-6318
CVE-2017-6451
CVE-2017-6458
CVE-2017-6460
CVE-2017-6462
CVE-2017-6463
CVE-2017-6464
CVE-2017-7233
CVE-2017-7234
CVE-2018-1000026
CVE-2018-10902
CVE-2018-10938
CVE-2018-5390
CVE-2018-7536
CVE-2018-7537
CVE-2019-10164
CVE-2020-12653
CVE-2020-12654
CVE-2020-12861
CVE-2020-12862
CVE-2020-12863
CVE-2020-12864
CVE-2020-12865
CVE-2020-12866
CVE-2020-12867
SUSE-SU-2016:0955-1
SUSE-SU-2017:0839-1
SUSE-SU-2017:1048-1
SUSE-SU-2017:2381-1
SUSE-SU-2018:0973-1
SUSE-SU-2019:0955-1
SUSE-SU-2019:1783-1
SUSE-SU-2020:3125-1
Platform(s):openSUSE Leap 15.0
openSUSE Leap 15.1
SUSE Linux Enterprise Desktop 11 SP4
SUSE Linux Enterprise Server 12 SP1
SUSE Linux Enterprise Server 12 SP2
SUSE Linux Enterprise Server 12 SP2-BCL
SUSE Linux Enterprise Server 12 SP2-ESPOS
SUSE Linux Enterprise Server 12 SP2-LTSS
SUSE Linux Enterprise Server 12 SP3
SUSE Linux Enterprise Server 12 SP3-BCL
SUSE Linux Enterprise Server 12 SP3-LTSS
SUSE Linux Enterprise Server 12 SP3-TERADATA
SUSE Linux Enterprise Server 12 SP4
SUSE OpenStack Cloud 7
SUSE OpenStack Cloud 8
SUSE OpenStack Cloud Crowbar 8
Product(s):
Definition Synopsis
  • openSUSE Leap 15.0 is installed
  • AND Package Information
  • libpango-1_0-0-1.40.14-lp150.1 is installed
  • OR typelib-1_0-Pango-1_0-1.40.14-lp150.1 is installed
    • Definition Synopsis
  • openSUSE Leap 15.1 is installed
  • AND Package Information
  • exempi-2.4.5-lp151.3.3 is installed
  • OR exempi-tools-2.4.5-lp151.3.3 is installed
  • OR libexempi-devel-2.4.5-lp151.3.3 is installed
  • OR libexempi3-2.4.5-lp151.3.3 is installed
  • OR libexempi3-32bit-2.4.5-lp151.3.3 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Desktop 11 SP4 is installed
  • AND Package Information
  • xen-4.4.4_02-32 is installed
  • OR xen-doc-html-4.4.4_02-32 is installed
  • OR xen-kmp-default-4.4.4_02_3.0.101_68-32 is installed
  • OR xen-kmp-pae-4.4.4_02_3.0.101_68-32 is installed
  • OR xen-libs-4.4.4_02-32 is installed
  • OR xen-libs-32bit-4.4.4_02-32 is installed
  • OR xen-tools-4.4.4_02-32 is installed
  • OR xen-tools-domU-4.4.4_02-32 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP1 is installed
  • AND Package Information
  • ntp-4.2.8p10-60 is installed
  • OR ntp-doc-4.2.8p10-60 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP2 is installed
  • AND Package Information
  • glib2-lang-2.48.2-10 is installed
  • OR glib2-tools-2.48.2-10 is installed
  • OR libgio-2_0-0-2.48.2-10 is installed
  • OR libgio-2_0-0-32bit-2.48.2-10 is installed
  • OR libglib-2_0-0-2.48.2-10 is installed
  • OR libglib-2_0-0-32bit-2.48.2-10 is installed
  • OR libgmodule-2_0-0-2.48.2-10 is installed
  • OR libgmodule-2_0-0-32bit-2.48.2-10 is installed
  • OR libgobject-2_0-0-2.48.2-10 is installed
  • OR libgobject-2_0-0-32bit-2.48.2-10 is installed
  • OR libgthread-2_0-0-2.48.2-10 is installed
  • OR libgthread-2_0-0-32bit-2.48.2-10 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP2-BCL is installed
  • AND Package Information
  • MozillaFirefox-52.9.0esr-109.38 is installed
  • OR MozillaFirefox-devel-52.9.0esr-109.38 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP2-ESPOS is installed
  • AND Package Information
  • libvirt-2.0.0-27.45 is installed
  • OR libvirt-client-2.0.0-27.45 is installed
  • OR libvirt-daemon-2.0.0-27.45 is installed
  • OR libvirt-daemon-config-network-2.0.0-27.45 is installed
  • OR libvirt-daemon-config-nwfilter-2.0.0-27.45 is installed
  • OR libvirt-daemon-driver-interface-2.0.0-27.45 is installed
  • OR libvirt-daemon-driver-libxl-2.0.0-27.45 is installed
  • OR libvirt-daemon-driver-lxc-2.0.0-27.45 is installed
  • OR libvirt-daemon-driver-network-2.0.0-27.45 is installed
  • OR libvirt-daemon-driver-nodedev-2.0.0-27.45 is installed
  • OR libvirt-daemon-driver-nwfilter-2.0.0-27.45 is installed
  • OR libvirt-daemon-driver-qemu-2.0.0-27.45 is installed
  • OR libvirt-daemon-driver-secret-2.0.0-27.45 is installed
  • OR libvirt-daemon-driver-storage-2.0.0-27.45 is installed
  • OR libvirt-daemon-hooks-2.0.0-27.45 is installed
  • OR libvirt-daemon-lxc-2.0.0-27.45 is installed
  • OR libvirt-daemon-qemu-2.0.0-27.45 is installed
  • OR libvirt-daemon-xen-2.0.0-27.45 is installed
  • OR libvirt-doc-2.0.0-27.45 is installed
  • OR libvirt-lock-sanlock-2.0.0-27.45 is installed
  • OR libvirt-nss-2.0.0-27.45 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP2-LTSS is installed
  • AND Package Information
  • kgraft-patch-4_4_74-92_38-default-12-2 is installed
  • OR kgraft-patch-SLE12-SP2_Update_13-12-2 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3 is installed
  • AND Package Information
  • cron-4.2-58 is installed
  • OR cronie-1.4.11-58 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3-BCL is installed
  • AND Package Information
  • libX11-1.6.2-12.8 is installed
  • OR libX11-6-1.6.2-12.8 is installed
  • OR libX11-6-32bit-1.6.2-12.8 is installed
  • OR libX11-data-1.6.2-12.8 is installed
  • OR libX11-xcb1-1.6.2-12.8 is installed
  • OR libX11-xcb1-32bit-1.6.2-12.8 is installed
  • OR libxcb-1.10-4.5 is installed
  • OR libxcb-dri2-0-1.10-4.5 is installed
  • OR libxcb-dri2-0-32bit-1.10-4.5 is installed
  • OR libxcb-dri3-0-1.10-4.5 is installed
  • OR libxcb-dri3-0-32bit-1.10-4.5 is installed
  • OR libxcb-glx0-1.10-4.5 is installed
  • OR libxcb-glx0-32bit-1.10-4.5 is installed
  • OR libxcb-present0-1.10-4.5 is installed
  • OR libxcb-present0-32bit-1.10-4.5 is installed
  • OR libxcb-randr0-1.10-4.5 is installed
  • OR libxcb-render0-1.10-4.5 is installed
  • OR libxcb-render0-32bit-1.10-4.5 is installed
  • OR libxcb-shape0-1.10-4.5 is installed
  • OR libxcb-shm0-1.10-4.5 is installed
  • OR libxcb-shm0-32bit-1.10-4.5 is installed
  • OR libxcb-sync1-1.10-4.5 is installed
  • OR libxcb-sync1-32bit-1.10-4.5 is installed
  • OR libxcb-xf86dri0-1.10-4.5 is installed
  • OR libxcb-xfixes0-1.10-4.5 is installed
  • OR libxcb-xfixes0-32bit-1.10-4.5 is installed
  • OR libxcb-xinerama0-1.10-4.5 is installed
  • OR libxcb-xkb1-1.10-4.5 is installed
  • OR libxcb-xkb1-32bit-1.10-4.5 is installed
  • OR libxcb-xv0-1.10-4.5 is installed
  • OR libxcb1-1.10-4.5 is installed
  • OR libxcb1-32bit-1.10-4.5 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3-LTSS is installed
  • AND Package Information
  • libopenssl-devel-1.0.2j-60.55 is installed
  • OR libopenssl1_0_0-1.0.2j-60.55 is installed
  • OR libopenssl1_0_0-32bit-1.0.2j-60.55 is installed
  • OR libopenssl1_0_0-hmac-1.0.2j-60.55 is installed
  • OR libopenssl1_0_0-hmac-32bit-1.0.2j-60.55 is installed
  • OR openssl-1.0.2j-60.55 is installed
  • OR openssl-doc-1.0.2j-60.55 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3-TERADATA is installed
  • AND Package Information
  • libspice-client-glib-2_0-8-0.33-3.6 is installed
  • OR libspice-client-glib-helper-0.33-3.6 is installed
  • OR libspice-client-gtk-3_0-5-0.33-3.6 is installed
  • OR libspice-controller0-0.33-3.6 is installed
  • OR spice-gtk-0.33-3.6 is installed
  • OR typelib-1_0-SpiceClientGlib-2_0-0.33-3.6 is installed
  • OR typelib-1_0-SpiceClientGtk-3_0-0.33-3.6 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP4 is installed
  • AND Package Information
  • cvs-1.12.12-182.3 is installed
  • OR cvs-doc-1.12.12-182.3 is installed
    • Definition Synopsis
  • SUSE OpenStack Cloud 7 is installed
  • AND python-Django-1.8.19-3.4 is installed
    • Definition Synopsis
  • SUSE OpenStack Cloud 8 is installed
  • AND Package Information
  • MozillaFirefox-60.9.0-109.86 is installed
  • OR MozillaFirefox-translations-common-60.9.0-109.86 is installed
    • Definition Synopsis
  • SUSE OpenStack Cloud Crowbar 8 is installed
  • AND python-Django-1.11.11-3.3 is installed
    • BACK